Closed PeterDaveHello closed 6 months ago
Hm, we can, but it isn't a priority over implementing ODoH and DNS over Tor, unless there are use-cases that specifically only DoT can address. Thoughts?
I'm no expert on DoT or DoH, and don't know of anything only DoT can address yet. DoH might be even harder to block, which is good.
Just one small weakness I think that DoH has but DoT might not: the HTTP user-agent header. I saw that the RethinkDNS app will send the user agent string `Intra`. Though it doesn't contain any personal information, it'll be part of fingerprinting and user profiling. It would be great if you'd like to set it to an empty string; currently, iOS and Firefox seem to do so ;)
Makes sense: We should remove the user-agent.
DoT doesn't add anything worthwhile (but does add an overhead for us to then maintain the codebase): Of course, DoT has no metadata of the sort that HTTP clients may add, but that really is made up for by, as you point out, its ability to get past firewalls.
Cool, I tried to prepare a pull request with that needed change, but couldn't find where to modify the user agent. I'm not familiar with app development; do you have any hints?
Update: looks like the user agent string might come from https://github.com/Jigsaw-Code/Intra/, so either remove it there, or overwrite it here.
The code may not build as it is in the midst of a rewrite that I abandoned midway (will resume soon), but feel free to make that change and send a PR (:
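The user-agent point discussed above, as an added example that is not code from RethinkDNS, Intra or firestack: with Go's standard `net/http`, leaving the header unset still sends a default `User-Agent`, and only an explicit empty value removes it from the wire. The resolver URL and the function names are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample: wire-format DNS query for example.com, type A, ID 0.
var sampleQuery = []byte{
	0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
	0x00, 0x01, 0x00, 0x01,
}

// newDoHRequest (hypothetical helper) builds an RFC 8484 POST request.
func newDoHRequest(resolverURL string, query []byte, stripUA bool) (*http.Request, error) {
	req, err := http.NewRequest(http.MethodPost, resolverURL, bytes.NewReader(query))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/dns-message")
	req.Header.Set("Accept", "application/dns-message")
	if stripUA {
		// Leaving the header unset is not enough: net/http then falls back
		// to "Go-http-client/1.1". An explicit empty value suppresses it.
		req.Header.Set("User-Agent", "")
	}
	return req, nil
}

// wireUserAgent serializes the request as HTTP/1.1 and reports the
// User-Agent value a resolver would actually receive, if any.
func wireUserAgent(req *http.Request) (string, bool, error) {
	var buf bytes.Buffer
	if err := req.Write(&buf); err != nil {
		return "", false, err
	}
	sc := bufio.NewScanner(&buf)
	for sc.Scan() && sc.Text() != "" { // an empty line ends the header block
		name, val, ok := strings.Cut(sc.Text(), ":")
		if ok && strings.EqualFold(name, "User-Agent") {
			return strings.TrimSpace(val), true, nil
		}
	}
	return "", false, nil
}

func main() {
	for _, strip := range []bool{false, true} {
		req, _ := newDoHRequest("https://resolver.example/dns-query", sampleQuery, strip)
		ua, sent, _ := wireUserAgent(req)
		fmt.Printf("stripUA=%v sent=%v value=%q\n", strip, sent, ua)
	}
}
```
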
DoT impl is in firestack: https://github.com/celzero/firestack/commit/d72558727bfb394c9c7646557f31abaddbc991ab
UI pending.
UI done impl v055b: https://github.com/celzero/rethink-app/releases/tag/v0.5.5b
Currently, there are only three types of DNS supported in the app (screenshot taken from RethinkApp v053g):

![RethinkApp v053g Screenshot](https://user-images.githubusercontent.com/3691490/151756302-39eb5b1c-8a2e-474c-896e-eee5b27bf980.jpg)

Just wondering if there's any plan to support DNS over TLS in the App? Thanks!